CN101341715A - Methods and devices for defending a 3g wireless network against malicious attacks - Google Patents
- Publication number
- CN101341715A
- Authority
- CN
- China
- Prior art keywords
- network
- attack
- information
- profile
- wireless
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/121—Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
- H04W12/122—Counter-measures against attacks; Protection against rogue devices
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W24/00—Supervisory, monitoring or testing arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/22—Processing or transfer of terminal data, e.g. status or physical capabilities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W84/00—Network topologies
- H04W84/02—Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
- H04W84/04—Large scale networks; Deep hierarchical networks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Databases & Information Systems (AREA)
- Mobile Radio Communication Systems (AREA)
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
Wireless state information collected or inferred from a 3G wireless network is used to detect and prevent malicious attacks against the network.
Description
Background
Malicious attacks against wireless networks are continually increasing in both frequency and magnitude.
Numerous solutions have been proposed for defending communication networks against malicious attacks. Although these schemes may mitigate the threat of attacks on wired networks, they are not suited to wireless networks.
For example, in a wired denial-of-service (DoS) attack it takes a comparatively long time to disable a server, because such machines have far greater processing capacity than wireless endpoints (mobile terminals), which have limited processing capacity and battery life. In addition, wireless link bandwidth is severely limited compared with wired networks. Therefore, if traffic from an attack reaches a mobile terminal, the attack has already succeeded in wasting critical resources of the wireless link, the wireless infrastructure and the mobile terminal's battery. This differs greatly from a typical wired DoS attack, which must exhaust the server's processing resources in order to succeed.
Many types of attack are attempted against wireless networks; two of them are signaling attacks and battery (i.e., sleep deprivation) attacks. Co-pending U.S. Patent Applications No. _______ and _______, both incorporated herein in full as if set forth in full here, discuss such attacks and propose specific techniques for defending against them.
However, attacks on 3G wireless networks are not limited to signaling and battery attacks.
It is therefore desirable to provide methods and devices for defending many types of 3G wireless networks against multiple types of attack.
Summary of the invention
The inventors have recognized that attacks on 3G wireless networks can be prevented or substantially reduced by making use of collected or inferred wireless state information.
More particularly, one embodiment (i.e., example) of the invention provides for detecting attacks on a 3G wireless network by obtaining wireless state information and comparing the obtained information with a profile to determine whether an attack is directed at an element in the network.
The inventors believe that using wireless state information makes attacks easier to detect and prevent.
Description of the drawings
Fig. 1 illustrates an example of an architecture for defending a 3G wireless network against attacks, according to one embodiment of the invention.
Detailed description
To defend mobile devices in a 3G wireless network against multiple types of attack, the invention provides a novel architecture called the architecture for wireless attack resistance (AWARE).
Fig. 1 illustrates an example of the AWARE architecture according to one embodiment of the invention.
In one embodiment of the invention, the AWARE architecture (e.g., an AWARE-enabled device) 100 may comprise a learning database, or profiler, 101 and a detection engine, or detector, 102. The profiler 101 is operable to collect wireless state information from different elements of the wireless infrastructure 1 (e.g., network), which includes a base station (BS) 103, a radio network controller (RNC) 104 and a packet data serving node (PDSN) 105. In an alternative embodiment of the invention, the AWARE-enabled device 100 may infer state information from its knowledge of the wireless network 1 when the information cannot be collected.
The profiler 101 is generally operable to capture and store information about a user 200 during a pre-processing step, so as to create, for example by using one or more statistical measures, a traffic profile of a given user under normal (i.e., attack-free) conditions. In another embodiment of the invention, after the initial profile has been created, the profiler 101 may update the profile periodically based on changes in user behavior. The information used in building a profile includes, but is not limited to, packet arrival times and the IP addresses and port numbers of the source and destination. It should be understood that the profiler 101 may comprise one or more databases. These databases may communicate with other user databases and profilers in order to correlate across mobile terminals, across RNCs or across PDSNs. For example, data from multiple databases associated with one or more PDSNs may be aggregated and analyzed, for instance for similarities. Similarities may indicate the onset or existence of an attack that spans multiple PDSNs.
A novel aspect of the profiling mechanism provided by the invention is its ability to correlate user, application and server profiles. By user profile, we mean the statistics for each individual user. This breakdown can be classified further, per application. For example, web surfing is the service most frequently used by most users. Similarly, an on-demand server may use RTP packets to broadcast video to users. By recording the arrival of HTTP/RTP packets, statistics can also be collected per web server or per IP source.
To achieve scalability, the profiler 101 is operable to aggregate profiles across users with similar behavior, using, for example, the same metrics. Aggregated profiles can be stored in a scalable manner so that, for example, they can be correlated more easily later. For example, current traffic can be compared with an aggregated profile to detect inconsistencies. Aggregated profiles may also be kept for common servers and applications. The flexibility of using different classification approaches allows a more comprehensive and accurate characterization of what is regarded as normal traffic.
Turning now to the detector 102, it is operable to detect 3G wireless attacks using one or more detection heuristics.
In slightly more detail, one example of a heuristic that can be used is the signaling cost incurred when traffic traverses the wireless network 1. Malicious traffic can be identified by the excessive signaling cost it introduces. Depending on the cooperation available from elements in the wireless network 1, the signaling cost can be obtained in various ways.
In one embodiment of the invention, the detector 102 is operable to compare the stored attack-free, or normal, profile with current traffic conditions in order to determine whether the current traffic of a user, or of a group of users, 200 violates the normal profile.
Once an attack has been detected and the attacker identified, the AWARE-enabled device 100 can block all future traffic from the suspected attacker by, for example, reconfiguring or configuring the firewall 106 (e.g., setting rules in the firewall).
As described above, the AWARE-enabled device provided by the invention collects wireless-specific state information, including the setup and release of radio data channels and the time a mobile terminal spends in the active state. To the inventors' knowledge, no other device to date collects wireless state information and uses it to detect 3G wireless attacks in a manner similar to the invention.
In further embodiments of the invention, the AWARE-enabled device 100 is operable to maintain information at different levels of granularity (for the same measurement parameter). In other words, different aggregation levels can be used for the same measurement parameter, for example per mobile terminal, RNC, BS, PDSN or external source. This allows the detection heuristics to look for anomalies at multiple levels, and prevents an attacker from spreading malicious traffic across different RNCs or launching an attack that is not confined to a particular BS.
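The profile, comparison and multi-level aggregation steps described above can be sketched as follows. This is an added example and not code from the patent: the event fields, the mean-plus-k-standard-deviations threshold, the function names and the sample traffic are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

LEVELS = ("mobile", "rnc", "source")  # aggregation levels for the same measurement


def signaling_cost(events, level):
    """Signaling cost per (entity, window): count of channel setup/release events."""
    cost = defaultdict(int)
    for ev in events:
        cost[(ev[level], ev["window"])] += 1
    return cost


def build_profiles(events, n_windows, k=3.0, min_std=0.5):
    """Learn a normal-traffic threshold (mean + k*std, an assumed rule) per entity.

    The key None holds the aggregate profile for a level; it is applied to
    entities that were never seen while the profile was built.
    """
    profiles = {}
    for level in LEVELS:
        cost = signaling_cost(events, level)
        series = {e: [cost.get((e, w), 0) for w in range(n_windows)]
                  for e in {entity for entity, _ in cost}}
        table = {e: mean(c) + k * max(pstdev(c), min_std) for e, c in series.items()}
        pooled = [n for c in series.values() for n in c]
        table[None] = mean(pooled) + k * max(pstdev(pooled), min_std)
        profiles[level] = table
    return profiles


def detect(profiles, current_events):
    """Compare one window of current traffic with the profiles at every level."""
    alerts = {}
    for level in LEVELS:
        observed = defaultdict(int)
        for ev in current_events:
            observed[ev[level]] += 1
        table = profiles[level]
        hits = {}
        for entity, n in observed.items():
            limit = table.get(entity, table[None])
            if n > limit:
                hits[entity] = (n, round(limit, 2))
        if hits:
            alerts[level] = hits
    return alerts


def firewall_rules(alerts):
    """Sources to block at the firewall, taken from source-level alerts only."""
    return sorted(alerts.get("source", {}))


def constructed_events(window, extra_source=None):
    """Constructed sample data: six terminals on two RNCs, one usual server each."""
    events = []
    for i in range(6):
        base = {"window": window, "mobile": f"m{i}",
                "rnc": "rncA" if i < 3 else "rncB"}
        n = 4 if (window + i) % 8 == 0 else 2  # setup + release, sometimes twice
        events += [dict(base, source=f"198.51.100.{i + 1}") for _ in range(n)]
        if extra_source:  # two extra channel events per terminal from one source
            events += [dict(base, source=extra_source) for _ in range(2)]
    return events


if __name__ == "__main__":
    training = [ev for w in range(8) for ev in constructed_events(w)]
    profiles = build_profiles(training, n_windows=8)
    alerts = detect(profiles, constructed_events(9, extra_source="203.0.113.9"))
    for level, hits in alerts.items():
        print(level, hits)
    print("block:", firewall_rules(alerts))
```

In the constructed window no single terminal exceeds its own profile, while the RNC-level and source-level aggregates do, which is the case the multiple aggregation levels are meant to catch.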
According to the invention, the location of the AWARE-enabled device may vary.
For example, the AWARE-enabled device may be co-located with the wireless service provider's firewall 106. With this design, it may be unnecessary to assume that any other part of the wireless network 1 knows of, or interacts with, the AWARE-enabled device 100.
In yet another embodiment of the invention, the profiler 101 in such a co-located AWARE-enabled device 100 may build profiles using IP-layer information such as packet arrivals and information from IP/TCP and application-layer headers. This assumes that the AWARE-enabled device 100 can observe the packets. If IPsec (tunnel mode) is enabled, the AWARE-enabled device 100 may be co-located with the IPsec gateway in the domain so that it can decrypt and inspect packet headers and payloads.
In a "least invasive" design, the AWARE-enabled device 100 inspects IP packets forwarded from the firewall 106 before they reach the PDSN 105. All the necessary information is contained in the TCP and IP headers and in the payload itself. The information that the profiler 101 needs to build a profile can be extracted from these headers and payloads.
If the AWARE-enabled device is not co-located with the IPsec gateway, it needs a so-called security association with the gateway so that it can decrypt and process ESP-encapsulated packets in tunnel mode.
If the AWARE-enabled device is not co-located with the firewall, an interface can be used to communicate with commercial firewalls such as CHECKPOINT's FIREWALL-1, so that the AWARE-enabled device can configure the firewall's filters, and so on.
In an alternative embodiment of the invention, the AWARE-enabled device 100 may operate between the PDSN 105 and the RNC 104. In such a design, the device may interact with the PDSN 105 to obtain information about how packets are distributed to different RNCs.
In addition, when the AWARE-enabled device operates between the PDSN and the RNC, more user-specific state information can be gathered. This provides finer-grained information, such as the number of signaling events for FCH and SCH setup/release, signaling message timestamps, and power control information, obtained through the base station, for estimating mobile terminal power consumption. The AWARE-enabled device may also be able to obtain mobility-related information, because a mobile terminal can cross from one RNC to another. Mobility information needs to be analyzed for its influence on the detection heuristics, because highly mobile end users can have a significant effect on network load. A wireless DoS attack launched against highly mobile users requires, for example, additional tasks that greatly increase processing overhead, such as more frequent paging. In addition, a mobile terminal may initiate a PPP connection with the PDSN before it starts transmitting. The AWARE-enabled device may also query the PDSN to obtain the PPP state history.
The AWARE-enabled device may also query the RNC to obtain channel setup events and power control messages, which are sent to a mobile terminal to tell it at what power to transmit data.
The invention may also provide an AWARE-compatible interface. In further embodiments of the invention, the AWARE-compatible interface allows an AWARE-enabled device to, for example, query wireless user/mobile terminal state. Such an interface may also allow an AWARE-enabled device (or multiple devices) to communicate securely with elements of the wireless network in order to obtain mobile terminal/user-specific information.
It should be understood that the methods, AWARE-enabled devices, interfaces and any sub-components (e.g., learning database, profiler, detector) of the invention may be implemented in hardware, software, firmware or some combination of the three. For example, one or more programmable or programmed controllers, processors or computer-readable media may operate, alone or in combination, to store one or more instructions, programs or code (and data) which, when executed, are operable to carry out the features and functions of the invention described above and in the claims that follow.
Claims (8)
1. A method for detecting an attack on a 3G wireless network, comprising:
obtaining wireless state information; and
comparing the obtained information with a profile to determine whether an attack is directed at an element in the network.
2. The method of claim 1, further comprising: when the comparison indicates an attack, preventing malicious traffic destined for a mobile device in the network from reaching the device.
3. The method of claim 1, wherein the state information is collected from one or more network elements in the network.
4. The method of claim 1, wherein the state information is inferred from knowledge of the network.
5. A device for detecting an attack on a 3G wireless network, operable to:
obtain wireless state information; and
compare the obtained information with a profile to determine whether an attack is directed at an element in the network.
6. The device of claim 5, further operable to: when the comparison indicates an attack, prevent malicious traffic destined for a mobile device in the network from reaching the device.
7. The device of claim 5, wherein the device is further operable to collect the state information from one or more elements in the network.
8. The device of claim 5, wherein the device is further operable to infer the state information from knowledge of the network.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510440938.XA CN105025026A (en) | 2005-12-19 | 2006-12-15 | Methods and devices for defending a 3G wireless network against malicious attacks |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/303,915 US8965334B2 (en) | 2005-12-19 | 2005-12-19 | Methods and devices for defending a 3G wireless network against malicious attacks |
US11/303,915 | 2005-12-19 |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510440938.XA Division CN105025026A (en) | 2005-12-19 | 2006-12-15 | Methods and devices for defending a 3G wireless network against malicious attacks |
Publications (1)
Publication Number | Publication Date |
---|---|
CN101341715A (en) | 2009-01-07 |
Family
ID=38175285
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNA2006800478106A Pending CN101341715A (en) | 2005-12-19 | 2006-12-15 | Methods and devices for defending a 3g wireless network against malicious attacks |
CN201510440938.XA Pending CN105025026A (en) | 2005-12-19 | 2006-12-15 | Methods and devices for defending a 3G wireless network against malicious attacks |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510440938.XA Pending CN105025026A (en) | 2005-12-19 | 2006-12-15 | Methods and devices for defending a 3G wireless network against malicious attacks |
Country Status (6)
Country | Link |
---|---|
US (2) | US8965334B2 (en) |
EP (1) | EP1964366B1 (en) |
JP (2) | JP5378799B2 (en) |
KR (1) | KR20080076960A (en) |
CN (2) | CN101341715A (en) |
WO (1) | WO2007075423A2 (en) |
-
2005
- 2005-12-19 US US11/303,915 patent/US8965334B2/en not_active Expired - Fee Related
-
2006
- 2006-12-15 CN CNA2006800478106A patent/CN101341715A/en active Pending
- 2006-12-15 JP JP2008547354A patent/JP5378799B2/en not_active Expired - Fee Related
- 2006-12-15 WO PCT/US2006/047929 patent/WO2007075423A2/en active Application Filing
- 2006-12-15 CN CN201510440938.XA patent/CN105025026A/en active Pending
- 2006-12-15 EP EP06845546.8A patent/EP1964366B1/en not_active Not-in-force
- 2006-12-15 KR KR1020087014804A patent/KR20080076960A/en not_active Application Discontinuation
-
2012
- 2012-08-06 JP JP2012173597A patent/JP5506871B2/en not_active Expired - Fee Related
-
2015
- 2015-01-14 US US14/596,758 patent/US20150215328A1/en not_active Abandoned
Also Published As
Publication number | Publication date |
---|---|
JP5506871B2 (en) | 2014-05-28 |
WO2007075423A3 (en) | 2007-09-07 |
KR20080076960A (en) | 2008-08-20 |
JP5378799B2 (en) | 2013-12-25 |
JP2012227964A (en) | 2012-11-15 |
JP2009520447A (en) | 2009-05-21 |
US20070143769A1 (en) | 2007-06-21 |
US20150215328A1 (en) | 2015-07-30 |
WO2007075423A2 (en) | 2007-07-05 |
CN105025026A (en) | 2015-11-04 |
US8965334B2 (en) | 2015-02-24 |
EP1964366A2 (en) | 2008-09-03 |
EP1964366B1 (en) | 2017-04-12 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C12 | Rejection of a patent application after its publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20090107 |